Search

Search Results (363984 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-6646 1 Sissbruecker 1 Linkding 2025-05-27 3.5 Low
A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product.
CVE-2023-6655 1 Hrp2000 1 E-hr 2025-05-27 7.3 High
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247358 is the identifier assigned to this vulnerability.
CVE-2021-27774 1 Hcltech 1 Hcl Digital Experience 2025-05-27 3.1 Low
User input included in error response, which could be used in a phishing attack.
CVE-2023-32975 1 Qnap 2 Qts, Quts Hero 2025-05-27 4.9 Medium
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later
CVE-2022-37232 1 Netgear 2 Wnr2000v4, Wnr2000v4 Firmware 2025-05-27 9.8 Critical
Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy.
CVE-2023-44857 1 Cobham 3 Sailor 600 Vsat Ku, Sailor 600 Vsat Ku Firmware, Sailor Vsat Ku 2025-05-27 8.1 High
An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component.
CVE-2025-46631 1 Tenda 2 Rx2 Pro, Rx2 Pro Firmware 2025-05-27 6.5 Medium
Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet web request.
CVE-2025-46630 1 Tenda 2 Rx2 Pro, Rx2 Pro Firmware 2025-05-27 6.5 Medium
Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable 'ate' (a remote system management binary) by sending a /goform/ate web request.
CVE-2023-44854 1 Cobham 2 Sailor 600 Vsat Ku, Sailor 600 Vsat Ku Firmware 2025-05-27 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file.
CVE-2025-46629 1 Tenda 2 Rx2 Pro, Rx2 Pro Firmware 2025-05-27 6.5 Medium
Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet
CVE-2025-46628 1 Tenda 2 Rx2 Pro, Rx2 Pro Firmware 2025-05-27 7.3 High
Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed.
CVE-2024-28339 1 Netgear 6 Cbk40, Cbk40 Firmware, Cbk43 and 3 more 2025-05-27 5.4 Medium
An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
CVE-2025-46627 1 Tenda 2 Rx2 Pro, Rx2 Pro Firmware 2025-05-27 8.2 High
Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address.
CVE-2024-28340 1 Netgear 6 Cbk40, Cbk40 Firmware, Cbk43 and 3 more 2025-05-27 7.5 High
An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
CVE-2025-46626 1 Tenda 2 Rx2 Pro, Rx2 Pro Firmware 2025-05-27 7.3 High
Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service.
CVE-2025-46625 1 Tenda 2 Rx2 Pro, Rx2 Pro Firmware 2025-05-27 8.8 High
Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command injection is saved in the configuration of the device.
CVE-2025-3346 1 Tenda 2 Ac7, Ac7 Firmware 2025-05-27 8.8 High
A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. Affected by this issue is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument pptp_server_start_ip/pptp_server_end_ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-45514 1 Tenda 2 Fh451, Fh451 Firmware 2025-05-27 6.5 Medium
Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.frmL7ImForm.
CVE-2025-44877 1 Tenda 2 Ac9, Ac9 Firmware 2025-05-27 9.8 Critical
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2025-44872 1 Tenda 2 Ac9, Ac9 Firmware 2025-05-27 9.8 Critical
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.